Security Incidents mailing list archives
Re: Socks port 1080
From: rmclean () NATDOOR COM (Randy Mclean)
Date: Fri, 21 Jan 2000 11:04:19 -0600
Well from what I've seen, people will scan entire ranges of Ip's only looking socks and proxy ports(1080 and 8080). There are alot of people who do this for many reasons, but bigest reason is for spam. Many spamers will find as many socks proxies as they can use your computer as a relay to your isp mail/news server. If have a socks port open, SECURE IT. In my experience a Firewall works great if properly configured also some socks proxy software will have setting for allowing ip's only a few hosts(generally a good idea to use RFC 1918 address) . I hope this helps! At 09:41 AM 1/20/00 -0800, Heman Leopando wrote:
Any reason why someone would connect to port 1080? Are they using it as a bounce server for IRC? ============================================== Heman Leopando MIS/Network Manager Quicknet Technologies (415)864-5225 x52 www.quicknet.net
-- Randy Mclean Security/Network Administrator rmclean () natdoor com
Current thread:
- Re: Korea (was RE: ?), (continued)
- Re: Korea (was RE: ?) Patrick Oonk (Jan 28)
- Re: Korea (was RE: ?) Arrigo Triulzi (Jan 28)
- Re: Korea (was RE: ?) Dug Song (Jan 28)
- Re: Korea (was RE: ?) Patrick Oonk (Jan 28)
- DNS update queries: another sort of suspicious activity. Fyodor (Jan 28)
- Re: DNS update queries: another sort of suspicious activity. Patrick Oonk (Jan 28)
- Re: DNS update queries: another sort of suspicious activity. Fyodor (Jan 28)
- Re: DNS update queries: another sort of suspicious activity. Patrick Oonk (Jan 28)
- Recent Scans Edwin Covert (Jan 28)
- Re: DNS update queries: another sort of suspicious activity. Rob Quinn (Jan 31)
- Re: Socks port 1080 Randy Mclean (Jan 21)
- Re: Socks port 1080 Richard Bejtlich (Jan 21)
- Unusual Netstat Listing Rob (Jan 22)